Sunj3To

**Name of the Vulnerable Software and Affected Versions** Landing-CMS version 0.0.6 **Description** An issue was discovered that allows a CSRF vulnerability, enabling the change of the admin's password via the "password/" URI. **Recommendations** For Landing-CMS version 0.0.6, update to a version that includes a fix for this issue, as using the current version poses a significant risk due to the potential for unauthorized password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotaru CMS version 1.7.2 **Description** A stored XSS issue was found in the admin index.php?page=settings `SITE NAME` field, allowing for potential exploitation. **Recommendations** For Hotaru CMS version 1.7.2, update to a newer version that contains a fix for this issue, as using the `SITE NAME` field in the admin index.php?page=settings page can lead to exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** daveismyname simple-cms versions through 2014-03-11 **Description** The issue is related to a CSRF vulnerability. This vulnerability can be exploited to delete any page via the "admin/?delpage=8" endpoint, using the `delpage` variable. **Recommendations** For versions through 2014-03-11, as a temporary workaround, consider restricting access to the "admin/?delpage=8" endpoint to minimize the risk of exploitation. Avoid using the `delpage` variable in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMSUno versions prior to 1.5.3 **Description** The issue allows for XSS via the title field. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tp5cms versions prior to 2017-05-25 **Description** The issue allows for CSRF via the "admin.php/category/delete.html" endpoint. This can potentially lead to unauthorized actions on the affected system. **Recommendations** For versions prior to 2017-05-25, as a temporary workaround, consider restricting access to the "admin.php/category/delete.html" endpoint until a patch is available.